task manager disabled after running a program downloaded from emule

Question

i ran f-prot and panda anti-virus. they cleaned so virii but the task manager remainds disabled. please help. Logfile of HijackThis v1.99.1 Scan saved at 8:21:34 PM, on 8/30/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32undll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE E:\TEMPOR~1\Adobelm_Cleanup.0001 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\PROGRA~1\MOZILLA\MOZILL~1\FIREFOX.EXE C:\Program Files\Yahoo!\Messenger\YPager.exe C:\Program Files\eMule\emule.exe D:\Documents\My Applications\hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [\Bigfastcat\EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P36 '\Bigfastcat\EPSON Stylus C45 Series' /O6 'USB001' /M 'Stylus C45' O4 - HKLM\..\Run: [Acrobat Assistant 7.0] 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe' O4 - HKLM\..\Run: [IMJPMIG8.1] 'C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE' /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKCU\..\Run: [AWMON] 'C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe' O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

RKinner · Answer

Start, Run, regedit, OK to bring up the regedit program.
find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)
Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK.

Also check:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

but this time look for an entry:

DisableTaskMgr
in the right hand pane. Highlight and delete.

Close the program and reboot.

If that doesn't help then
Download to your desktop: UnhookExec.inf from:
http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html
and then right click on it and Install.

smitfraud.reg may also help:

http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_Quicknavigate_VirtualMaid-t17258.html

Ron

bultokachi · Answer

thanks a lot man! works like magic

RKinner · Answer

Just for the record did the first steps (upto the reboot) fix it for you or did you have to try one of the others?

Ron

Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained) and then you can just go back to an earlier time if you hit a bad site. One way to make this more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:.
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm

Never hurts to do one of the free on line scans from Panda or Trend. They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
In addition to Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
I like to run Spybot S&D.
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while.
http://www.lavasoftusa.com/software/adaware/

Ron

bultokachi · Answer

i was preparing to do some registry editing. yet the tool supplied, i forgot the name, which automates the removal of the spyware, did the job. really great help man

Virus & Spyware

Was this post helpful?